Introduction

As technology continues to advance, so do the risks associated with cybersecurity. Higher education institutions are particularly vulnerable to cyber threats due to the vast amount of sensitive data they store, including financial records, personal information, academic records and research data. Cyberattacks can disrupt online learning, compromise academic integrity, expose sensitive information, or damage institutional reputation. Given the potential consequences, cybersecurity is everyone’s responsibility. Consider the following statistics:- Education is the most targeted industry, with an average of 2297 cyberattacks against organizations each week in the first half of 2022; a 44% increase compared to the first half of 2021. [source]- Around 41% of higher education cyber incidents and breaches were caused by social engineering machinations². [source]- In 2021, 40% of victims in the higher education sector took longer than one month to recover from a cyberattack. [source]- The FBI’s Cyber Division recently warned that ransomware poses a considerable risk for higher education, as cybercriminals using this type of attack are now focusing heavily on colleges and universities. [source]Some possible repercussions of cybersecurity attacks in higher education are:

  • Disruption of remote learning and teaching due to malware infections or denial-of-service attacks. [source]Loss of sensitive data such as student records, research data, financial information, or intellectual property. [source]Damage to reputation and trust among students, faculty, staff, alums, donors, and partners.Legal liability and regulatory fines for non-compliance with data protection laws or contractual obligations.

Here are some recent cases of cybersecurity attacks in higher education:

  • In September 2021, Howard University suffered a ransomware attack that forced it to shut down its online classes and campus network for several days. [source]In July 2021, the University of California San Diego Health reported a data breach that exposed the personal information of half a million patients. [source] In July 2020, the University of Utah Health disclosed another data breach that affected over 10,000 patients due to an attack on its email system.[source]

One such technology that can potentially introduce cybersecurity risks in higher education is ChatGPT.ChatGPT is a large language model trained by OpenAI that can generate human-like text responses to a wide range of prompts. While ChatGPT has the potential to contribute to the core mission of student success/experience, learning & teaching, and research higher education professionals who use ChatGPT may unwittingly expose themselves to phishing attacks, social engineering scams, and information leaks.In this blog post, we will discuss the potential cybersecurity risks associated with ChatGPT in higher education and provide recommendations for protecting against them. We will also outline the steps that higher education professionals can take to secure ChatGPT in their environments, ensuring that they can safely use this technology to enhance their work without putting themselves or their institutions at risk.

What is ChatGPT?

ChatGPT, a large language model trained by OpenAI, uses machine learning algorithms to create human-like text responses to many prompts. ChatGPT analyzes massive data from books, webpages, and other text-based sources. It then builds a language model to guess and generate text based on a prompt. To improve its responses in areas like education, ChatGPT can be tuned.ChatGPT could improve teacher, staff, and student collaboration in higher education. For instance, it can augment campus capacity by providing departments with 24/7 self-service capability to provide information to students via chatbots. This student success support model highlights potential areas of student/university interactions where chatbot technology can enhance the experience. ChatGPT can help study and data analysis by generating insights and recommendations from large datasets. Additional insights on ChatGPT and higher education through web articles, presentations, and campus policies/guidance are compiled here.Some faculty members, including Ethan Mollick’s experiment with AI in the classroom, showed that AI tools like ChatGPT could enhance the learning experience with proper training and guidance.ChatGPT may help higher education, but it also poses cybersecurity risks. The language model can create convincing phishing emails or social engineering attacks to trick higher education professionals into divulging sensitive information or installing malware on their devices. If not secured, ChatGPT can leak private information. Thus, higher education professionals must understand these risks and defend themselves and their institutions.

Potential Cybersecurity Risks Introduced by ChatGPT in Higher Education

While ChatGPT has many potential benefits for higher education, it also introduces new cybersecurity risks. These risks can include the following:

  • Phishing attacks: ChatGPT can generate convincing phishing emails that appear to be from legitimate sources, such as the IT department or a trusted colleague. These emails can trick higher education professionals into revealing sensitive information or installing malware on their devices. Here’s an example:

Social engineering attacks:

ChatGPT can also be used to generate convincing messages that manipulate higher education professionals into taking specific actions, such as downloading a file or clicking on a link. Social engineering attacks can be particularly dangerous because they exploit human psychology and can be difficult to detect.

  • Information leaks: ChatGPT has the potential to generate responses that reveal confidential information, such as financial records or personal data. If not properly secured, this information could be leaked to unauthorized users, leading to significant harm to individuals and institutions.

Best Practices for Protecting Against Cybersecurity Risks

There are several recommended practices that higher education community members can follow to protect against cybersecurity risks associated with ChatGPT in higher education. These include:

  • Be cautious of phishing attacks: Cybercriminals can use ChatGPT to conduct phishing attacks, so be cautious of any suspicious links or emails that ask for personal information.
  • Keep personal information private: Do not share personal information, such as passwords or social security numbers, with ChatGPT or any other third-party applications.
  • Use two-factor authentication: Use two-factor authentication to add an extra layer of security to your accounts and prevent unauthorized access.
  • Use strong passwords: Use strong passwords that are difficult to guess or crack. Do not reuse passwords across different accounts.
  • Be aware of chatbots imitating ChatGPT: Cybercriminals can create chatbots that imitate ChatGPT to steal personal information or spread malware. Be cautious of chatbots that ask for personal information.
  • Keep software up to date: Keep your software, including web browsers and operating systems, up to date to prevent security vulnerabilities.
  • Report suspicious activity: Report any suspicious activity related to ChatGPT, such as unusual messages or requests for personal information, to your IT department or cybersecurity team.

Conclusion

In today’s digital age, cybersecurity risks are a constant concern for higher education institutions. As a new and powerful technology, ChatGPT has the potential to revolutionize higher education’s core missions of student success and experience, learning and teaching, research, and the enabling capabilities that support these core missions. However, it also introduces new cybersecurity risks that higher education staff, faculty, researchers, and students must be aware of and take appropriate measures to protect themselves.

To ensure the safe and effective use of ChatGPT, higher education institutions should implement best practices for protecting against cybersecurity risks. These practices include employee training, multi-factor authentication, encryption, and regularly updating security protocols. Additionally, institutions should take steps to secure ChatGPT in their environments, such as configuring access control, monitoring for anomalous behavior, and partnering with trusted vendors.

By following these recommended practices and taking these steps, higher education professionals can minimize the risks posed by ChatGPT to enhance their work and improve communication and collaboration in their institutions. With a comprehensive approach to cybersecurity, higher education institutions can protect themselves and their sensitive data from potential cybersecurity threats and stay ahead of emerging risks.

Note: ChatGPT and Bing AI were used for the content of this article.